Corporate Responsibility Report About Symantec

2017 Corporate Responsibility Report About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, enables organizations, governments, and consumers SYMANTEC to secure their most important data wherever it lives. Organizations and AT A GLANCE governments across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, the More than 163 million cloud, and infrastructure. Likewise, more than 50 million people rely on email users, 80 million web proxy users, and Symantec’s Norton and LifeLock product suites to protect their digital 175 million endpoints lives at home and across their devices. Symantec operates the world’s protected largest civilian threat intelligence network, enabling us to see and protect Operations in more than against the most advanced threats. 35 countries More than 2,600 patents We support the United Nations Global Compact and granted worldwide Sustainable Development Goals Approximately 12,000 Symantec is committed to helping shift the employees worldwide world onto a sustainable path. A Fortune 500 company Symantec became a signatory to the United with more than Nations Global Compact (UN Global Com- $4 billion in revenues pact) in 2006. We continue to follow the (fiscal year 2017) 10 principles of the UN Global Compact and we maintain active membership in the Headquarters in UN Global Compact Network USA. We par- Mountain View, ticipate in the UN Global Compact LEAD California program by hosting and participating in meetings and fully adhering to the UN Global Founded in 1982; Compact Advanced Criteria. IPO in 1989 In addition, we’ve aligned our corporate responsibility activities with the following UN Sustainable Development Goals (SDGs). Please learn more about corporate responsibility at Symantec, and share your feedback on this report, by visiting www.symantec. com/about/corporate- responsibility.

Recognition

2017 Dow Jones 2017 FTSE4Good 2017 One of 2017 100 Best Sustainability Indices Global Index, World’s Most Ethical Corporate Citizens, (North America and member for 11 Companies, awarded three World), member for consecutive years awarded 10 consecutive years 11 consecutive years consecutive years by Corporate by Ethisphere Responsibility Institute Magazine

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 1 Message from our CEO

As the global cyber security leader, Symantec takes seriously • Cyber security workforce growth: To date, we’ve exposed its mission to protect the world from the cyber attacks we hear approximately 7,000 students to cyber security careers as about all too frequently. We are working each day to create a we work to address the shortage of qualified candidates to secure and sustainable future through our dedication to each join the fight against cyber criminals. Now in its third year, other, our customers, and society. the Symantec Cyber Career Connection (Symantec C3) provides a pathway for young people, adults, and veterans In the past year, we’ve made exciting changes to redefine to learn about, and get trained to enter, cyber security ca- the future of cyber security and set the pace for innovation reers. industrywide. We took transformational steps forward with the acquisition of Blue Coat and LifeLock. In both instances, • Greater diversity and inclusion: I recently signed the CEO the technologies and expertise we gained have allowed us to Action for Diversity & Inclusion pledge along with more than strengthen the protection we offer customers. 150 other CEOs. The goal is to rally the business community to advance diversity and inclusion. In addition, Symantec The very nature of our business—ensuring the security, avail- earned a 100 percent score on the Human Rights Campaign ability, and integrity of our customers’ information—requires a Corporate Equality Index, earning a “Best Place to Work for culture of global responsibility. Symantec continues to follow LGBT Equality” designation for the ninth consecutive year. the United Nations Global Compact’s 10 principles to protect Progress toward our diversity and inclusion goal is not easy, human rights, uphold ethical labor conditions, preserve the en- but we are committed to continuing to work on this import- vironment, and combat corruption. We also embrace the Unit- ant issue. ed Nations Sustainable Development Goals (SDGs) relevant to our business. Throughout this report, we describe how we are I am proud of Symantec’s continued leadership as a respon- contributing toward progress on specific SDG targets. sible and successful company, bringing together our people, passions, and powerful technology to support social and envi- We have spent much of this transitional year integrating our ronmental priorities. On behalf of our entire team, thank you workforce and driving operational efficiencies. While we’ve for your continued support. experienced a great deal of change, we remain committed to achieving our goals. Here are some of this year’s highlights: • Greenhouse gas (GHG) reduction: In FY17, we reduced our GHG emissions by 15 percent, far surpassing our three percent annual reduction target. This achievement puts Greg Clark us well on track to meet or exceed our 10-year, 30 percent Chief Executive Officer reduction goal. We remain committed to environmental stewardship and are excited to report on our progress.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 2 Our Commitment to Corporate Responsibility

At Symantec, we pursue opportunities that provide maximum benefit to society. We make commitments and take action to inspire and unite our employees and customers and, more broadly, all of business and society. Through our global efforts to build and sustain a diverse and inclusive workplace, invest in STEM and cyber security education, and reduce GHG emissions, we are making the world a better and safer place.

We organize our corporate responsibility efforts Focusing on what matters most into three pillars: Symantec’s core set of priority issues guides our corporate responsibility strategy and disclosure. These priority issues, which are essential to our business success, are of highest concern to Symantec and its stakeholders.

Our People includes talent, culture, Priority Issue: Related Business Objective diversity, and inclusion Talent Develop and maintain a skilled, diverse, and tal- and ented global workforce, and cultivate high levels Culture of engagement and loyalty by providing opportunities for personal and professional growth. Diversity Grow the technology talent pipeline with diver- and sity in mind and attract and retain the best talent Your Information includes securing Inclusion available, create a culture where diverse talent can thrive and innovate, and better understand information, privacy, and customer and serve our diverse global markets. satisfaction Securing Provide software and services that protect and Information secure our customer’s data where it lives and help to address the cyber security workforce development gap through the Symantec Cyber Career Connection program. Customer Engender customer loyalty through continuous The World includes the environment, Satisfaction improvements in our internal customer satisfac- human rights, philanthropy, and tion metrics and customer retention practices. Energy and GHG Minimize Symantec’s environmental footprint community engagement and partner with other organizations to work toward an environmentally sustainable future.

Important Issue: Related Business Objective Philanthropy Enhance employees’ connection to the com- and Community pany, to each other, and to their own careers, Engagement and support business goals related to the priority issues above.

We conducted our first materiality analysis to determine priority issues in 2008. We update the analysis periodically to ensure that our priorities align with stakeholder interests and our internal assessments of trends, regulations, environmental and societal concerns, and overall business risks and opportunities.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 3 Our People: Talent and Culture

Symantec employees are dedicated to our mission of keeping the world’s information safe. With a focus on innovation, our team uses its unique strengths to secure data and protect against future cyber attacks. To maximize employee engagement and success in delivering on our goals, we provide professional training and development and promote a winning culture.

Innovating for the future GOAL By FY2020, limit voluntary attrition Employees are invigorated by the addition of new talent and leadership that for employees receiving the highest have recently joined our Symantec team. With a significant technical back- performance assessments to no more ground in cyber security, our new CEO continues to be well-positioned to iden- than three percent, supporting our tify new strategic opportunities to leverage our technology. Our focus on inno- ongoing focus on making Symantec a vation will drive the company’s growth and help us to win in the marketplace. great place to work. We define a winning culture as one where every action expresses the cultural tenets that make Symantec strong: FY17 PROGRESS LEAD, INNOVATE, and GROW. Our retention rates have been flat due to organizational changes resulting from Helping employees navigate change Symantec growth—both organic and Our commitment to employees has not wavered. We are helping them navi- through acquisitions. We will continue gate the shifts of a changing organization by delivering targeted training. For to focus on developing our talented example, the Change Leadership program enables employees to understand leadership and employees. organizational change and their role within it, as well as to share their expe- riences and strategies for adapting to those changes. In FY17, we also relaunched Xcellerate, a one-year program for high-performing leaders. Xcellerate develops the leadership ability of those who demon- strate the desire, ability, and potential to take on broader, long-term challenges. The program, which includes individual coaching and the creation of individual development plans, is a way to further develop our high performers and recognize their value to the company. We continue to check the pulse of the organization through employee surveys and apply the insights we gather to meet employee needs. In one instance, we learned many employees were unsure how to invest in their careers. In response, we launched the “Navigate Your Career” program on our intranet portal at the start of FY18. Symantec participates in the annual Grace Hopper Conference that celebrates women in computing. cellerate Participants by Region

Americas 63 At our Xcellerate event in October, participants developed EMEA 17 skills necessary to become even India 13 stronger leaders.

AP 7

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 4 Our People: Diversity and Inclusion

At Symantec, we aim to be as diverse as the world in which we live. We’ve made investing in diversity a priority not only because it’s the right thing to do, but also because it translates to a higher performing industry and company, and boosts our bottom line. We understand that a diversity of perspectives promotes better business decision-making. It also helps ensure the products and services we offer meet the needs of the broad spectrum of customers worldwide.

SDG LINKAGE GOAL Achieve gender equality and empower all women and girls. By FY2020, in the Symantec workforce, increase by 15 percent the percentage of RELATED SDG TARGET 5.1 End all forms of discrimination against all women and girls women globally, and underrepresented everywhere. minorities in the United States, using FY14 as a baseline year. HIGHLIGHTS > We continued our support of the UN Women’s Empowerment Princi- FY17 PROGRESS ples and the Anita Borg Institute. We are not making sufficient progress > We continued funding the National Center for Women & Information toward our goal, though we have Technology Pathways Study, which looks at how men and women in integrated diversity and inclusion tech leadership positions talk about career advancement. criteria into our attraction, retention, and advancement strategies. Our efforts have been especially challenged by recent SDG LINKAGE organizational changes and acquisitions, Reduce inequality within and among countries. which have impacted our ability to affect the mix of people at Symantec. RELATED SDG TARGET 10.3 Ensure equal opportunity and reduce inequalities of outcome by such actions as eliminating discriminatory laws, policies, and practices and promoting appropriate legislation, policies, and action.

HIGHLIGHTS > We advocated for marriage equality and the Equality Act, and op- posed North Carolina’s “bathroom bill.” > We partnered with the Human Rights Campaign to advocate for LGBTQ equality issues. > We awarded a 2016 grant to Global Fund for Women supporting LGBTQ equality in India. > We initiated a series with TriplePundit called “Black Lives Matter and Beyond,” which examines how companies can work to improve equality by increasing diversity in their ranks.

Diversity and inclusion at Symantec Human Rights Our four-pronged strategy to address diversity across all backgrounds includes: Campaign Foundation 2016 Best Places for 1 Attract, retain, and develop a diverse group of employees. Work for LGBT Equality, awarded nine 2 Ensure an inclusive experience for our employees, customers, consecutive years and entire value chain. 3 Invest in science, technology, engineering, and mathematics (STEM) and cyber security education to increase the pipeline of diverse technology talent. 4 Promote equality on a national and global level.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 5 Our People: Diversity and Inclusion

Symantec Workforce Diversity Report FY17 U.S. Ethnic Diversity**

Global Gender Diversity U.S. Race / Ethnicity Total Leadership 26 74 White 56 White 65 Leadership Asian 34 Asian 26 23 77 Hispanic 5 Hispanic 4 Two or More 2 Two or More 2 Technical Black 2 Black 1 16 84 Non-Technical Technical Non-Technical 45 55 White 66 White 51 Asian 22 Asian 41 n Female n Male Hispanic 7 Hispanic 4 * Leadership is defined as director and above. ** U.S. ethnic categories are based on EEOC race/ethnicity definitions. Two or More 2 Two or More 2 Employees who declined to self-identify for race/ethnicity have Black 2 Black 2 been excluded.

Tackling unconscious bias in the workplace Addressing unconscious bias—the automatic, subconscious judgments and behaviors we exhibit toward others—has become a crucial lever in meeting our diversity goal. We must consider not only how to bring in more diverse candidates, but also how we can create a culture that ensures those candidates are evaluated and, if hired, treated without bias. To promote inclusive thinking, we piloted a Mitigating Bias training that com- bined in-person and webinar sessions around the world. In FY17, Symantec: > Rolled out the training to all recruiters and human resources business partners. > Embedded aspects of the training in our Pay and Performance training and New Manager training.

By the end of FY19, we aim to roll out our Mitigating Bias training to all em- At Symantec’s Springfield office, Cass Averill discusses ployees. Through these trainings, we are fostering an inclusive culture of ac- how to navigate uncomfortable and difficult situations ceptance and respect to achieve a healthier and more productive workplace. in a recent Ally Education workshop offered by the employee resource groups PRIDE & SWAN. Targeting an untapped talent pool Our commitment to diversity and inclusion includes working to create a qualified and diverse talent pool to supply the fast-growing cyber security industry. As one example, we donated $50,000 to one of our nonprofit partners, Goodwill, so it could expand access to its Autism Advantage program. The program provides re- al-world training to candidates on the autism spectrum while also raising awareness among hiring managers about this often untapped, highly skilled talent pool. By sponsoring this innovative initiative, Symantec recognizes that equity comes in many forms.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 6 Your Information: Security and Privacy

As the world’s largest pure-play cyber security company, with the largest civilian threat intelligence network in the world, Symantec has earned the trust of consumers, businesses, and governments to secure their information.

Symantec’s commitment to security and privacy In FY17, a year marked by extraordinary cyber attacks, we continued to mon- itor, evaluate, and share threat data to ensure the security of our customers’ information. At the same time, we fiercely protected customer and employee privacy and carefully managed access to personal information. We believe it is imperative that we be involved in global conversations about data security and privacy. For example, we took part in discussions around the European Union’s development of new rules for good data governance, and provided key input into the General Data Protection Regulation (GDPR). Through this experience, we gained the knowledge needed to provide our customers with a suite of products that ensures their compliance with the GDPR. We are currently revamping our own critical systems to ensure Symantec is GDPR compliant. As an example, the GDPR requires that we include privacy considerations in the early stages of product development. To meet this re- quirement, Symantec is enhancing its “privacy by design” framework to ensure that data privacy is considered at all stages of product development and deployment. This framework will be implemented by the end of FY18. New “privacy by design” certifications will be required with each product release. Symantec’s annual Internet Security Serving our customers Threat Report™ analyzes the cyber We deliver innovative products and services to our customers and stand ready threat landscape and provides informed to resolve any technical issues that may arise. Our online user communities and commentary on emerging trends in discussion forums also serve as an important resource for product applications. attacks, malicious code activity, phishing, and spam. The report gives governments, We instill our brand vision, mission, and values into every product support enterprises, small businesses, and interaction. When customers contact us, we carefully track how well we’re consumers essential information to doing to build trust, loyalty, and a sense of delight. We review all feedback and secure their systems effectively now and we follow up with customers who provided low scores to see if we can address in the future. It is available online at their issues. We use this feedback to drive improvements in product quality www.symantec.com. and support transactions.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 7 Your Information: Cyber Security Education

Cyber security is one of the most important fields in technology, and Symantec plays a critical role in building the pipeline of cyber security professionals.

SDG LINKAGE GOAL Promote sustained, inclusive, and sustainable economic growth, By FY2020, excite, engage, and educate full and productive employment, and decent work for all. one million students in science, technology, engineering, and math RELATED SDG TARGET 8.5 By FY2030, achieve full and productive employment and decent (STEM)—emphasis on computer science work for all women and men, including young people and persons with and cyber security—through global disabilities, and equal pay for work of equal value. nonprofit partnerships, with an HIGHLIGHTS investment of $20 million. > We continued to address the global shortage of cyber security professionals through the Symantec Cyber Career Connection program. FY17 PROGRESS This year we passed our milestone of one million students educated in STEM, since FY15, on a $9,085,000 investment. Scaling our workforce development efforts through Symantec We reached our engagement goal by Cyber Career Connection expanding the American Association Now in its third year, the Symantec Cyber Career Connection (Symantec C3) of University Women (AAUW) Tech program provides a pathway for underrepresented young adults, veterans, Trek program and by adding multiple and others to enter the cyber security field. Symantec C3 delivers targeted nonprofit partnerships focused on education, training, and certifications to help candidates fill in-demand cyber cyber security education. Our Science security jobs and enter long-term, meaningful careers. Buddies partnership also exceeded our In FY17, we evaluated ways to scale the Symantec C3 program to reach more reach expectations, exposing hundreds students. We conducted multi-stakeholder interviews and established a data- of thousands of students to hands-on base to track progress. In the coming year, we intend to establish additional science education projects. partnerships to expand the reach of this impactful program.

Symantec C3 addresses four key challenges across the workforce pipeline Recruit, Train, Prepare Launch Excite Certify for Job Careers We help nonprofits We recruit and train We place students We connect gradu- and educators raise underrepresented in cyber security ates to cyber security awareness of careers populations in cyber internships. positions. in cyber security. security. 6,800+ students 81% graduation 63% are people 72% employed in reached since rate. of color; 25% are cyber security or program inception female; 22% are pursuing additional in 2014. veterans. degrees within six months of graduation.

“Tech Trek was a once-in-a-lifetime opportunity. It Inspiring girls in STEM opened up my eyes to a whole new idea of what my We believe it is never too early to engage with students about cyber security. future career can be.” We support the AAUW’s national Tech Trek Program, which offers week-long —Grace Beal, Tech Trek participant STEM camps to eighth grade girls in the US. We added a cyber security track to the program, giving students the opportunity to learn about coding and other technology subjects. Given the success of this curriculum, we are working to expand its distribution to other nonprofits.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 8 The World: Energy and GHG Emissions

Our environmental strategy grows out of our responsibilities as an individual enterprise and a global stakeholder. We’re building a more sustainable business, playing a key role in creating a low carbon future, and incorporating environmental stewardship into our operations, products, and supply chain.

SDG LINKAGE GOAL Take urgent action to combat climate change and its impacts. By FY2025, reduce scope 1 and 2 GHG emissions by 30 percent (compared RELATED SDG TARGET with FY15). 13.2 Integrate climate change measures into national (and company) policies, strategies, and planning FY17 PROGRESS HIGHLIGHTS In FY17, we reduced scope 1 and scope > We made more efficient use of our office and data center space to 2 GHG emissions by 15 percent, far optimize our physical footprint. surpassing our three percent annual > We implemented energy efficiency projects in carbon-intensive reduction target and bringing our locations including Tucson, Arizona and Pune, India. reduction total to 19 percent. For more information, see below. Promoting a low carbon future We believe that moving to a low carbon economy is important for sustainable economic growth. As we integrate new business acquisitions, we are reducing resource use across our operations, and engaging employees and taking part in industry initiatives to transition to a clean energy future. Setting our bar high We are excited to report significant progress toward our 10-year, 30 percent GHG reduction goal. In FY17, we exceeded our targeted three percent annual reduction, delivering a 15 percent reduction in just one year. Since our FY15 baseline year, we have reduced scope 1 and 2 emissions by 19 percent. We achieved this progress primarily as a result of three initiatives: 1 Energy efficiency projects that reduced overall energy consumption. 2 Space consolidation efforts that created a more efficient global A pipe connecting several chilled-water systems was the solution to saving energy and money at our Tucson office footprint. data center. 3 An internal cloud platform initiative that reduced our data center footprint. While we can most effectively reduce our scope 1 and 2 GHG emissions, we recognize our responsibility to address our broader carbon footprint, including indirect, or scope 3, GHG emissions. In FY17, we became a signatory to the Science Based Targets initiative, which commits us to a full accounting of scope 3 emissions and to setting a science-based goal that incorporates both direct and indirect GHG emissions. Saving energy and saving money—an example At our Tucson data center, our most energy-intensive site, we realized new energy savings after implementing a simple solution to a confounding problem. The data center was consuming huge amounts of energy to cool onsite servers. The data center had been built in three phases, each with its own chilled-water cool- ing system, each operating independently. We installed a roof pipe to connect the three systems, making them into a single, more efficient system. The outcome? Reduced energy use (expected annual savings of 7.7 million kilowatt hours) and fewer GHG emissions (over 5,700 metric tons of CO2 avoided per year), plus significant cost savings: a win-win for our business and the environment.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 9 The World: Supply Chain

Symantec is committed to respecting and upholding human rights, including the rights to privacy and freedom of expression, as well as human rights across our supply chain. We implement policies and processes to eliminate risk, enhance transparency, and promote greater accountability in our own operations and with our suppliers.

SDG LINKAGE GOAL Promote sustained, inclusive, and sustainable economic growth, By FY16, implement the Electronics full and productive employment, and decent work for all. Industry Citizenship Coalition (EICC) code of conduct with 100 percent of RELATED SDG TARGET our Tier One suppliers. 8.7 Take immediate and effective measures to eradicate forced labor, end modern slavery and human trafficking, and secure the prohibition and elimination of the worst forms of child labor, including recruitment FY17 PROGRESS and use of child soldiers, and by FY2025 end child labor in all its forms. We did not meet our goal. This was primarily due to shifts in our supplier HIGHLIGHTS base associated with the FY16 Veritas > We issued our first UK Modern Slavery Act statement. divestiture and FY17 Blue Coat > We utilized a human trafficking risk index to evaluate our Tier One acquisition. As of FY17, 37 percent of product suppliers. Tier One suppliers added environment > We added the EICC code to 37 percent of our Tier One product and corporate responsibility terms to supplier contracts; 57 percent of those have completed the EICC-On their contracts and 57 percent of those SAQ, which has a section on human trafficking. suppliers completed the self-assessment questionnaire (SAQ) on EICC-On.

Engaging suppliers on human trafficking The elimination of human trafficking is a key aspect of supply chain responsibility, as highlighted in the UK Modern Slavery Act of 2015. To ensure we comply with this legislation, we have implemented a due diligence process for human trafficking in our supply chain. In FY17, we sent questionnaires to existing Symantec Tier One suppliers, analyzed the results, and found that the vast majority of our suppliers are at low risk. For the single supplier identified as medium risk, we gathered further policy and monitoring information and outlined our expectations for improvement. We will conduct this same review process with Blue Coat suppliers in FY18. Completing supply chain integration We continuously work to strengthen our supplier relationships. Our goal is to improve transparency and instill responsible business practices in supplier operations and value chains. The Blue Coat integration added many new suppliers to our lists. Accordingly, FY17 was a transitional year for many of our supply chain responsibility activities. In FY18, we will complete a full review of our key suppliers and establish an updated compliance process.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 10 The World: Philanthropy and Community Engagement

Symantec believes strongly in giving back to the communities where we live and work. We implement programs—both financial and hands-on—that improve people’s lives and communities, while enhancing our business. In growing our volunteer and philanthropy programs, we offer our employees opportunities to develop their leadership and collaboration skills. The impact can be measured in many ways.

SDG LINKAGE GOAL Ensure inclusive and equitable quality education and promote By FY2020, reach an average of four lifelong learning opportunities for all. volunteer hours per employee—in line with what is considered best practice for RELATED SDG TARGET employee engagement. 4.4 By FY2030, substantially increase the number of youth and adults who have relevant skills, including technical and vocational skills, for employment, decent jobs, and entrepreneurship. FY17 PROGRESS In FY17, our engagement numbers HIGHLIGHTS dropped by 10 percent to 2.24 hours per > We conducted an assessment in Pune, India to understand the profes- employee. This decrease was primarily sional interests of women and people with disabilities living in slums. due to competing internal priorities The goal is to determine Symantec’s ability to provide IT job opportu- and employee turnover. We have since nities to this demographic. redoubled our commitment to support volunteer opportunities through such Empowering employees to volunteer programs as Symantec’s Take Five In November 2016, Symantec employees logged more than 4,000 volunteer initiative, Global Service Week, and hours during our first annual Global Service Week. The event enabled employees Symantec Service Time. to connect with new organizations and explore ways to give back year-round. As Symantec and Blue Coat were coming together as one company, Global Service Week was an excellent opportunity for friends, old and new, to connect. Five paid working days to volunteer We cultivate personal and professional growth, engagement, higher morale, and loyalty by providing volunteer opportunities for Symantec individuals and teams. In FY17, we launched Symantec Service Time. The program, de- signed to be completed during work hours, grants each employee 40 hours a year to volunteer or serve on a community relations committee, Employee Resource Group (ERG), or Green Team. Evolving our product donation model Product donations remain one of Symantec’s largest mechanisms for supporting the nonprofit community. Many small nonprofits face difficult choices in allocat- Employees in Reading, UK help clear Beale Park for ing limited funds. A Symantec product donation enables them to ensure the se- future visitors. curity of their information while preserving funds for other expenses. As product hosting moves from desktop to cloud, we’ll be evolving our donation model to accommodate this transition. Points of Light Foundation FY17 Cash Contributions by Focus Area Civic 50 list of most community-minded companies in America, Education 62 We refined our education focus area in awarded three iversity 14 FY17 to prioritize cyber security consecutive years education, rather than general STEM Environment 10 topics. This focus better aligns with our Online afety 9 overall company objectives and expertise. Miscellaneous 5

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 11 Performance Tables

FY17 FY16 FY15 FY14 OPERATIONS1 (ENDED MARCH 31, 2017) (ENDED APRIL 1, 2016) (ENDED APRIL 3, 2015) (ENDED MARCH 28, 2014)

Revenue (in millions of $) Total revenue 4,019 3,600 3,956 4,183 Consumer security 1,664 1,670 1,887 2,063 Enterprise security 2,355 1,930 2,069 2,135 Revenue by Region Americas 58% 59% 56% 55% Europe, Middle East, and Africa (EMEA) 24% 25% 27% 27% Asia Pacific and Japan (APJ) 18% 16% 17% 18%

Cost of Revenue (in millions of $) Total cost of revenue 853 615 727 791

Operating Expense (in millions of $) Total operating expenses 3,266 2,528 3,075 3,248 Income Tax Income tax expense (in millions of $) –26 1,213 –8 16 Effective income tax rate2 10% 309% –8% 15%

Net Income (in millions of $) Net income attributable to stockholders –106 2,488 878 898

1 In August 2015, we entered into a definitive agreement to sell the assets of our information management business (“Veritas”) to The Carlyle Group (“Carlyle”). The results of Veritas are presented as discontinued operations in our Consolidated Statements of Operations and thus have been excluded from continuing operations and segment results for all reported periods. 2 We recorded an income tax expense on discontinued operations of $1.1 billion, $223 million, and $242 million for fiscal 2016, 2015, and 2014, respectively. Tax expense in fiscal 2016 was primarily driven by (1) $1.1 billion of tax expense for providing U.S. taxes on certain undistributed foreign earnings, primarily those attributable to the sale of Veritas, and (2) $10 million of tax expense attributable to recording valuation allowances for certain deferred tax assets.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 12 Performance Tables

FY17 WORKFORCE BREAKDOWN BY GENDER TOTAL FEMALE MALE NOT DECLARED

Employment Contract FY17 FY16 FY17 FY16 FY17 FY16 FY17 FY16 Permanent (Employees) 12,518 11,430 3,253 3,114 9,210 8,250 55 66 Temporary (Contingent Workers) 551 557 18 49 19 55 514 453 Interns 140 127 27 39 113 88 0 0 Employment Type1 Full-Time 12,478 11,383 3,219 3,075 9,204 8,242 55 66 Part-Time 40 47 34 39 6 8 0 0 Workforce by Region1 Americas 6,148 5,567 1,629 1,581 4,507 3,978 12 8 Asia Pacific and Japan (APJ) 1,493 1,266 471 441 982 769 40 56 Europe, Middle East, and Africa (EMEA) 2,139 1,975 634 614 1,502 1,359 3 2 India 2,738 2,622 519 478 2,219 2,144 0 0 Employee Category 1 Executive (Vice President or above) 177 118 23 17 154 101 0 0 Manager (Nonexecutive with direct reports) 1,959 1,809 558 524 1,396 1,282 5 3 Individual Contributor (Nonexecutive without 10,382 9,503 2,672 2,573 7,660 6,867 50 63 direct reports) Board of Directors Board of Directors 11 10 3 3 8 7 0 0

1 Excludes interns.

PERCENTAGE OF FEMALE EMPLOYEES 1 FY17 FY16 FY15 FY14

Companywide 26% 27% 27% 28% Americas 26% 28% 28% 29% Asia Pacific and Japan (APJ) 32% 35% 32% 32% Europe, Middle East, and Africa (EMEA) 30% 31% 29% 29% India 19% 18% 19% 18%

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 13 Performance Tables

AGE COMPOSITION OVER 50 30-50 YEARS UNDER 30 NOT OF EMPLOYEES1 YEARS OLD OLD YEARS OLD DECLARED

Employee Categories FY17 FY16 FY17 FY16 FY17 FY16 FY17 FY16 Executive (Vice President or above) 34.5% 39.8% 65.5% 60.2% 0.0% 0.0% 0.0% 0.0% Manager (Nonexecutive with direct reports) 17.0% 13.8% 81.5% 84.1% 1.4% 1.9% 0.0% 0.2% Individual contributor (Nonexecutive without direct reports) 10.0% 8.3% 72.4% 71.6% 17.6% 19.9% 0.0% 0.2% Board of Directors Board of Directors 73.0% 80.0% 27.0% 20.0% 0.0% 0.0% 0.0% 0.0%

1 Excludes interns.

FY17 ETHNIC NATIVE COMPOSITION OF AMERICAN HAWAIIAN/ U.S. EMPLOYEES1 INDIAN/ BLACK/ OTHER AND BOARD OF ALASKA AFRICAN HISPANIC/ PACIFIC TWO OR NOT DIRECTORS2 NATIVE ASIAN AMERICAN LATINO ISLANDER MORE RACES WHITE SPECIFIED3

Employee Categories FY17 FY16 FY17 FY16 FY17 FY16 FY17 FY16 FY17 FY16 FY17 FY16 FY17 FY16 FY17 FY16 Executive (Vice President or above) 0.0% 0.0% 11.3% 16.8% 1.4% 2.1% 2.1% 4.2% 0.0% 0.0% 2.1% 3.2% 42.3% 72.6% 40.8% 1.1% Manager (Nonexecutive with direct reports) 0.2% 0.2% 24.1% 27.7% 0.8% 1.3% 4.4% 5.6% 0.0% 0.2% 1.2% 2.1% 48.9% 60.0% 20.5% 2.8% Individual contributor (Nonexecutive without direct reports) 0.1% 0.2% 28.2% 32.7% 1.8% 2.4% 3.9% 5.0% 0.1% 0.2% 1.6% 2.0% 43.4% 55.1% 20.9% 2.5% Board of Directors Board of Directors 0.0% 0.0% 9.0% 10.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 91.0% 90.0% 0.0% 0.0%

1 Excludes interns. 2 U.S. data only, based on U.S. government reporting EEO data. 3 Complete FY17 ethnicity data was not available, in part due to the Veritas divestment and Blue Coat and LifeLock acquisitions, but also because of employee turnover.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 14 Performance Tables

FY17 NEW EMPLOYEE HIRES 4 FY17 FY16

Total 3,369 3,087 New Employee Hires by Region Americas 1,817 1,256 Asia Pacific and Japan (APJ) 469 446 Europe, Middle East, and Africa (EMEA) 579 585 India 504 800 New Employee Hires by Gender Female 801 905 Male 2,561 2,178 Not declared 7 4 New Employee Hires by Age Group Under 30 years old 687 990 30-50 years old 2,192 1,859 Over 50 years old 482 212 Not declared 8 26

4 Excludes contingent workers and interns.

FY17 EMPLOYEE TURNOVER AND RATE EMPLOYEE TURNOVER 4 TURNOVER RATE 5

FY17 FY16 FY17 FY16 Voluntary 951 1,566 7.6% 10.2% Involuntary 1,369 1,930 10.9% 12.6% Total 2,320 3,496 18.5% 22.8% Turnover by Region Americas 1,240 1,457 9.9% 9.5% Asia Pacific and Japan (APJ) 263 573 2.1% 3.7% Europe, Middle East, and Africa (EMEA) 410 700 3.3% 4.6% India 407 766 3.3% 5.0% Turnover by Gender Female 678 984 5.4% 6.4% Male 1,630 2,491 13.0% 16.3% Not declared 12 21 0.1% 0.1% Turnover by Age Group Under 30 years old 363 729 2.9% 4.8% 30-50 years old 1,656 2,413 13.2% 15.8% Over 50 years old 299 344 2.4% 2.2% Not declared 2 10 0.0% 0.1%

4 Excludes contingent workers and interns; FY16 data excludes transfers to Veritas in Oct 2015. 5 Turnover rate = total terminations count/average headcount.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 15 Performance Tables

U.S. MATERNITY AND PATERNITY LEAVE TOTAL FEMALE MALE NOT DECLARED

FY17 U.S. Maternity and Paternity Leave 6 Employees on maternity or paternity leave at some time 244 132 112 0 during FY17 FY16 U.S. Maternity and Paternity Leave Employees on maternity or paternity leave at some time 465 222 243 0 during FY16 FY16 employees who returned to work after maternity or 300 142 158 0 paternity leave ended Total number of employees who returned from maternity or 234 105 129 0 paternity leave during FY16 and are still employed 12 months after their return FY16 Retention rate 78% 74% 82% 0

6 Complete FY17 maternity and paternity leave data, including retention rate, will be available at the end FY18.

FY17 FY16 FY15 FY14 OUR PEOPLE (ENDED MARCH 31, 2017) (ENDED APRIL 1, 2016) (ENDED APRIL 3, 2015) (ENDED MARCH 28, 2014) Percent of workforce unionized 0.72% 0.76% 1.12% 1.25% Training and Development 7 Total Learning Excellence Credits (LEC) earned 0 238,065 346,760 433,299 Average number of LECs per employee 0 15.52 18.70 20.85 Total training and development hours 15,918 — — — Average hours per full-time employee 1.4 — — —

Health & Safety (U.S. Sites) 8 Total injury and illnesses 16 14 33 74 Lost work days 126 94 255 213 Fatalities 0 0 0 0

7 Talent Development no longer tracks Learning Excellence Credits (LECs), but we are tracking the total and average hours of training and development per full-time employee. 8 Accident and injury statistics are provided for the United States only; global statistics are not currently available.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 16 Performance Tables

FY17 FY16 FY15 FY14 YOUR INFORMATION (ENDED MARCH 31, 2017) (ENDED APRIL 1, 2016) (ENDED APRIL 3, 2015) (ENDED MARCH 28, 2014)

Total number of worldwide granted patents (approximately) 2,620 2,124 3,303 2,705 Employees trained on Global Privacy Policy 1 New hires New hires All new hires + 94% 20% of existing population Employees trained on Global Security New hires 95% 84% — # of mobile vulnerabilities discovered 855 528 168 127 # of grants to fight cybercrime & support online safety 31 26 28 28 Value of grants to fight cybercrime & online safety grants ($) 2 2,550,000 2,585,900 2,158,000 790,000

1 During FY15, Symantec selected a new provider for code of conduct training and, because of onboarding activities, could not enroll the whole population before the end of the fiscal year. In the meantime, all new hires received privacy training, and targeted privacy training was delivered to higher risk employees, representing about 20 percent of the overall workforce. A privacy training module was added to Symantec’s Code of Conduct training in FY14. The FY14 figure represents the percentage of employees who completed the online Code of Conduct training course globally. 2 Philanthropic dollars contributed to cyber crime and online safety are included in total philanthropic giving figures reported.

WORLD DATA FROM SYMANTEC’S SECURITY CALENDAR YEAR CALENDAR YEAR CALENDAR YEAR THREAT REPORT (VOL. 22) 2016 2015 2014

Total breaches 1,209 1,211 1,523 Total identities exposed 1.1B 564M 1.2B Breaches with >10M identities exposed 15 13 11 Web attacks blocked per day 229,000 340,000 — Phishing rate 1 in 2,596 1 in 1,846 1 in 965

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 17 Performance Tables

FY17 FY16 FY15 FY14 THE WORLD (ENDED MARCH 31, 2017) 5 (ENDED APRIL 1, 2016) 5 (ENDED APRIL 3, 2015) 5 (ENDED MARCH 28, 2014)

LEED/ENERGY STAR LEED certified buildings 16 15 18 22 ENERGY STAR-certified buildings (United States) 3 3 2 2 Greenhouse Gas Emissions 1

2 Total absolute emissions (thousands of metric tons of CO2e) 145 163 164 244 Scope 1 (natural gas, diesel, propane, refrigerants, gasoline) 5 4 5 9 Scope 2 market-based (purchased electricity and heating) 102 123 126 — Scope 2 location-based (purchased electricity and heating) 89 114 119 153 Scope 3 (air travel and rental cars) 38 36 32 83

Total normalized emissions (metric tons of CO2e per million dollars 36 45 42 36 of revenue) Emission intensity – Scope 1 1 1 1 1 Emission intensity – Scope 2 market-based 25 34 32 23 Emission intensity – Scope 3 10 10 8 12

Energy Consumption (gigajoules) 1 Total energy consumption 1,352,149 1,465,834 1,421,487 1,890,447 Scope 1 (natural gas, diesel, propane, gasoline, onsite solar) 56,324 63,980 72,301 108,666 Scope 2 (purchased electricity and heating) 741,079 878,342 877,930 1,023,955 Scope 3 (air travel and rental cars) 554,746 523,512 471,256 757,826 Energy intensity (all scopes per million dollars of revenue) 336 407 359 283

Waste Management (metric tons) 3 Total 1,191 1,158 1,105 — Landfill 554 (47%) 539 (47%) 380 (34%) — Recycling/Composting 585 (49%) 579 (50%) 600 (54%) — Recovery (energy from waste) 52 (4%) 40 (3%) 125 (11%) — Water 4 Water consumption (thousand m3 per year) 439 442 565 351 Water intensity (m3 per million dollars of revenue) 109 123 143 53 Environmental Fines Number of environmental fines 0 0 0 — Amount of environmental fines 0 0 0 —

1 Symantec’s emission figures are calculated and updated in accordance with 4 Water consumption data was compiled from Symantec’s owned or long-leased the WRI and WBCSD GHG Protocol to account for change in the data, inventory facilities (where Symantec has operational control of the water utility bill) boundary, methods, or other relevant factors. worldwide. The FY14-17 data has been verified (limited assurance) by a third-party

2 To align with the WRI/WBCSD Greenhouse Gas Protocol Scope 2 Guidance vendor. Starting in FY15, the water consumption data includes estimates for sites published in 2015, Symantec has calculated and will be reporting market-based for which actual water consumption data is not available. Data for previous years and location-based Scope 2 values from the greenhouse gas reduction goal base included only water directly purchased by Symantec. year of FY15 and forward. The total absolute and normalized emissions include 5 For FY15-17, we have adjusted energy use, water use, and GHG emissions data to Scope 2 market-based values. reflect the Veritas divestment and Blue Coat and LifeLock acquisitions back to the 3 For FY15 we have data available for a small number of our global sites, beginning of FY15, which is the baseline year for the GHG goal. representing 41 percent of our total global square footage and including our headquarters in Mountain View, California. The waste data for FY16 and FY17 represents 47 percent and 36 percent, respectively, of our total global square footage, including our headquarters in Mountain View, California.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 18 Performance Tables

FY17 FY16 FY15 FY14 PHILANTHROPIC GIVING (ENDED MARCH 31, 2017) (ENDED APRIL 1, 2016) (ENDED APRIL 3, 2015) (ENDED MARCH 28, 2014)

Philanthropic Giving (in thousands of $) Total giving 24,492 26,726 31,753 29,151 Symantec Foundation 1,116 1,475 1,486 0 Grants and sponsorships 3,568 3,635 3,808 4,185 Matching gifts, Dollars for Doers 1,086 814 1,060 938 Software donations (retail value of licenses) 18,772 20,802 25,399 24,028 Licenses donated (number) 428,299 436,828 471,575 441,046 Employee Contributions Employee giving ($) 803,170 592,440 621,739 781,143 Volunteer hours 27,794 28,782 29,983 31,073

FY17 FY16 FY15 FY14 GRANTS BY FOCUS AREA (ENDED MARCH 31, 2017) (ENDED APRIL 1, 2016) (ENDED APRIL 3, 2015) (ENDED MARCH 28, 2014)

Diversity 14% 15% 16% 18% Education 62% 60% 51% 43% Environment 10% 4% 9% 6% Online safety 9% 13% 18% 24% Miscellaneous 5% 8% 7% 9%

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 19 GRI 102: General Disclosures 2017

UNGC CROSS- DISCLOSURES DESCRIPTION CROSS-REFERENCE OR ANSWER GRI & UNGC ADDITIONAL INFORMATION REFERENCE

Organizational Profile 102-1 Name of the Symantec Corporation organization 102-2 Activities, brands, Company Profile products, and Business Overview services 2017 10-K, p. 4-6

102-3 Location of Mountain View, California headquarters 102-4 Location of Operations in more than 35 countries. operations 2017 10-K, p. 5-7 102-5 Ownership and 2017 10-K, p. 4 legal form 102-6 Markets served 2017 10-K, p. 4 102-7 Scale of the Performance Tables, p. 12-13 organization 2017 10-K, p. 4, 6-8, 43-44 102-8 Information on Performance Tables, p. 13 Symantec’s work is not performed by a substantial number employees and of independent contractors or supervised workers. There is other workers no significant variation in Symantec’s employment numbers during the year. 102-9 Supply chain The World: Supply Chain, p. 10 Symantec’s global supply chain includes procurement, Advanced Supply Chain Responsibility travel, manufacturing, and logistics. Each region (Europe, Criterion 2 Middle East and Africa; Asia Pacific and Japan, and Americas) manages end-to-end supply chain processes for their region. All manufacturing and logistics are outsourced to partners in the region. In total, Symantec has 37 Tier One (major) manufacturing/logistic suppliers.

Symantec’s Global Supplier Code of Conduct 102-10 Significant 2017 10-K, p. 4-8 Advanced changes to the Criterion 2 organization and its supply chain

102-11 Precautionary See explanation. The precautionary principle is not applied specifically principle or across the organization, nor in the development and approach introduction of new products. Symantec uses a model similar to the precautionary principle for risk management with regard to business continuity. Our Enterprise Resilience team determines the impact likelihood of each threat occurrence and conducts exercises to ensure full understanding of possible impact. This enables us to determine, and report on, any unacceptable single points of failure.

Formula used to determine risk: risk value = threat impact x threat probability

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 20 GRI 102: General Disclosures 2017

UNGC CROSS- DISCLOSURES DESCRIPTION CROSS-REFERENCE OR ANSWER GRI & UNGC ADDITIONAL INFORMATION REFERENCE

Organizational Profile (Continued) 102-12 External See explanation. Symantec joined the UN Global Compact as a signatory and Advanced initiatives member in 2006. We are a participant in the Global Criterion 18 Compact LEAD initiative, a platform for corporate sustainability leadership. As part of this commitment, we pledged to implement the blueprint for corporate sustainability leadership and to share our experience with other companies, the UN Global Compact Networks, and other initiatives.

We also are proud to be a founding signatory of the Women’s Empowerment Principles (WEP). This partnership initiative of UN Women and UN Global Compact provides a set of considerations to help the private sector focus on key elements integral to promoting gender equality.

102-13 Membership of See explanation. Trade and Industry Associations associations • The Software Alliance (BSA) • American Chamber of Commerce to the European Union (AMCHAM EU) • Canadian American Business Council (CABC) • European Internet Foundation • EURIM • Digital Policy Alliance Family Online Safety Institute (FOSI) • Information Technology Industry Council (ITI) • Information Technology Association of Canada (ITAC) TechAmerica • Online Trust Alliance • Software Assurance Forum for Excellence in Code (SAFECode) • TechNet • U.S. Chamber of Commerce • U.S.-India Business Council • U.S. Information Technology Office (USITO)

Environmental/Climate Change Policy • Business for Innovative Climate & Energy Policy (BICEP) • Silicon Valley Leadership Group

Diversity and Gender Organizations • Anita Borg Institute • Catalyst • Center for Talent Innovation • Executive Women’s Forum • International Labor Organization Global Business and Disability Network • Invent Your Future • Human Rights Campaign • National Center for Women & Information Technology (NCWIT) • U.S. Business Leadership Network (USBLN)

Cybercrime Prevention • National Cyber-Forensics & Training Alliance (NCFTA) • National White Collar Crime Center (NW3C) • National Cyber Security Alliance (NCSA) • Society for the Policing of Cyberspace (POLCYB)

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 21 GRI 102: General Disclosures 2017

UNGC CROSS- DISCLOSURES DESCRIPTION CROSS-REFERENCE OR ANSWER GRI & UNGC ADDITIONAL INFORMATION REFERENCE

Strategy 102-14 Statement from Message from our CEO, p. 2 Support of the United Nations Global Compact. Advance senior decision- Criterion 17 maker Advanced Criterion 19 Ethics and Integrity 102-16 Values, principles, Code of Conduct Business values and contributions to UN goals and issues. Advanced standards, and Criterion 14 norms of behavior Advanced Criterion 15 Governance 102-18 Governance 2017 Proxy Statement, p. 9-13 structure Charter of the Nominating and Governance Committee of the Board of Directors Corporate Governance Stakeholder Engagement 102-40 List of stakeholder Stakeholder Engagement Advanced groups Criterion 21 102-41 Collective Performance Tables, We support employees’ rights to freedom of association Advanced bargaining p. 16 through collective bargaining agreements and/or works Criterion 8 agreements councils. 102-42 Identifying and Stakeholder Engagement Advanced selecting Criterion 21 stakeholders 102-43 Approach to Stakeholder Engagement Advanced stakeholder Criterion 21 engagement 102-44 Key topics and Stakeholder Engagement Advanced concerns raised Criterion 21 Reporting Practice 102-45 Entities included 2017 10-K, p. 1 in the consolidated financial statements 102-46 Defining report 2016 Corporate Responsibility 2014 Corporate Responsibility Report, p. 13 Advanced content and topic Report, Our Commitment to Corporate Criterion 2 Boundaries Responsibility, p. 5-6 GRI/UN Global Compact Index; Topics and Topic Boundary Table 102-47 List of material GRI Standards topics related to topics Symantec’s priority issues include: Customer Privacy, Employment, Economic Performance, Diversity and Equal Opportunity, Training and Education, Energy, Emissions, and Marketing and Labeling

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 22 GRI 102: General Disclosures 2017

UNGC CROSS- DISCLOSURES DESCRIPTION CROSS-REFERENCE OR ANSWER GRI & UNGC ADDITIONAL INFORMATION REFERENCE

Reporting Practice (Continued) 102-48 Restatements of For FY15-FY17, we have adjusted information energy use, water use, and GHG emissions data to reflect the Veritas divestment and BlueCoat acquisitions back to the beginning of FY15 as the baseline year for the GHG goal. 102-49 Changes in None. reporting 102-50 Reporting period Data in this report reflect Symantec’s global operations and correspond to Symantec’s fiscal year ending March 31, 2017. 102-51 Date of most Our last Communication on Progress recent report (COP) was published in October 2016. Our last full report was published for FY16 in October 2016. 102-52 Reporting cycle Symantec publishes a full corporate Time period responsibility report every two years covered and a UN Global Compact by COP. Communication on Progress each year. 102-53 Contact point for We welcome your comments and questions questions about this report and our regarding the corporate responsibility efforts. Please report email us at [email protected]. 102-54 Claims of This report has been prepared in COP reporting in accordance with the GRI Standards: incorporates accordance with Core option. high standards the GRI Standards of transparency and disclosure (GRI Standards: Core option). 102-55 GRI content index GRI Index 102-56 External Although we do not seek full assurance assurance for our reporting, we have externally assured the company’s greenhouse gas emissions figures for FY17 with a global audit covering Scope 1, 2, and 3 emissions. We also assure externally our water withdrawal data.

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 23 GRI 103: Topics and Topic Boundaries 2017

MANAGEMENT APPROACH MATERIAL TOPICS CROSS-REFERENCE RELEVANT EXTERNAL ENTITIES UNGC CROSS-REFERENCE

Economic GRI 201: Economic Performance 2017 2017 10-K, p. 8-20, 43-47, 67-68 Communities 2017 Climate Change CDP, CC5-6 Customers Governments and regulators Message from the CEO, p. 2 Investors Suppliers Environmental GRI 302: Energy 2017 Environmental Policy Statement Communities Advanced Criterion 9 Customers Advanced Criterion 10 Governments and regulators Investors Suppliers GRI 305: Emissions 2017 Environmental Policy Statement Communities Advanced Criterion 9 2017 Climate Change CDP, CC7.1- Customers Advanced Criterion 10 8.5, 9, 10, 12, 14 Governments and regulators Investors Suppliers Social GRI 401: Employment 2017 Code of Conduct Advanced Criterion 6 Human Rights Policy Advanced Criterion 7 GRI 404: Training and Education 2017 2016 Corporate Responsibility Advanced Criterion 6 Report, Talent and Culture, p. 10-11 Advanced Criterion 7 GRI 405: Diversity and Equal Human Rights Policy Advanced Criterion 6 Opportunity 2017 Advanced Criterion 7 GRI 417: Marketing and Labeling 2017 10-K, p. 5 Customers 2017 Governments and regulators GRI 418: Customer Privacy 2017 2016 Corporate Responsibility Customers Report, Customer Satisfaction, Governments and regulators p. 18-19

MANAGEMENT APPROACH ADDITIONAL TOPICS CROSS-REFERENCE UNGC CROSS-REFERENCE

GRI 205: Anticorruption 2017 Code of Conduct Advanced Criterion 12 Conflict Minerals Policy Advanced Criterion 13 Symantec’s EthicsLine GRI 412: Human Rights 2017 Human Rights Policy Advanced Criterion 3 Corporate Responsibility Policies Advanced Criterion 4 Conflict Minerals Policy Symantec’s EthicsLine

SYMANTEC • 2017 CORPORATE RESPONSIBILITY REPORT 24 GRI 200-400 Topic-Specific Disclosures 2017